Upgrade k8s v0.34.8, controller-runtime v0.22.5 (OCP 4.21 alignment)

[clcollins]

Summary

• Upgrade k8s.io/api, apimachinery, client-go from v0.29.3 to v0.34.8 and controller-runtime from v0.17.3 to v0.22.5, aligning with OpenShift 4.21
• Migrate all 15 event handler signatures to typed interfaces (TypedCreateEvent[client.Object], TypedRateLimitingInterface[reconcile.Request])
• Migrate test files from deprecated WithRuntimeObjects/[]runtime.Object to WithObjects/[]client.Object
• Modernize sets.NewString() to generic sets.New[string]() API
• Remove 6 dead gosec G601 loop variable workarounds (Go 1.22+ scopes per-iteration)
• Add queue-level event handler tests (Create/Update/Delete/Generic, de-duplication)
• Add scripts/validate-event-handlers.sh for pre/post-upgrade live cluster validation
• Regenerate CRD with x-kubernetes-list-type: atomic annotations
• Update boilerplate to latest version

PR Disposition

Resolves these open dependency PRs (close after merge):

PR	Module	Resolution
#355	go-openapi packages	Resolved by transitive deps
#356	kubernetes v0.29→v0.36	Partially subsumed (we go to v0.34)
#361	gnostic-models v0.7.1	Resolved by transitive deps
#425	golang.org/x/net v0.54.0	Resolved
#426	structured-merge-diff v4.7.0	Subsumed by v4→v6
#427	sigs.k8s.io/yaml v1.6.0	Resolved
#428	imdario/mergo v0→v1	Dependency eliminated entirely
#429	go.yaml.in/yaml v2→v3	Resolved by transitive deps
#430	gomodules.xyz/jsonpatch v2→v3	Stays at v2, minor bump
#431	gopkg.in/yaml.v2→v3	Dependency eliminated entirely
#432	structured-merge-diff v4→v6	Resolved by transitive deps

Leave open:

PR	Why
#365	prometheus-operator blocked by operator-custom-metrics pin
#420	Targets k8s v0.36.1 (Go 1.26) — needs boilerplate Go 1.26 support first

Test plan

• go build ./... passes (Go 1.25)
• go test ./... -count=1 — all pass
• go vet ./... — clean
• make container-lint — 0 issues
• make container-test — all pass
• make container-coverage — passes
• make container-generate — passes
• CI pipeline passes
• Run scripts/validate-event-handlers.sh on integration hive post-rollout

Pre/post-upgrade validation with validate-event-handlers.sh

Run on each hive before the upgrade rolls out to capture a baseline, then again after to confirm no regressions:

# Before upgrade — capture baseline
./scripts/validate-event-handlers.sh -t <SREP-TICKET> -v 2>&1 | tee /tmp/event-handler-baseline.txt

# After upgrade — compare
./scripts/validate-event-handlers.sh -t <SREP-TICKET> -v 2>&1 | tee /tmp/event-handler-post-upgrade.txt
diff /tmp/event-handler-baseline.txt /tmp/event-handler-post-upgrade.txt

The script validates 7 checks against the live operator pod:

1. Cluster connection (prerequisite)
2. Watch registration — expects >= 5 Starting EventSource log entries
3. Reconciliation activity — at least 1 Reconciling PagerDutyIntegration entry
4. Reconcile completion — Reconcile complete entries with duration
5. Error-free operation — no panics/runtime errors, pod restart count = 0
6. PD API heartbeat — Metrics for PD API entries confirm connectivity
7. Image version — reports deployed image tag for manual comparison

Options: -t (ticket, required), -v (verbose), -j (JSON output), -n (namespace override, default: pagerduty-operator)

🤖 Generated with Claude Code

Summary by CodeRabbit

• New Features

  • Added an operator validation script for diagnostics and troubleshooting.

• Refactor

  • Modernized event processing to use typed APIs.
  • Simplified controller iteration handling.
  • Deterministic finalizer ordering for more reliable cleanup.

• Chores

  • Updated Kubernetes-related dependencies to newer versions.
  • Regenerated/rewrapped CRD YAML and refreshed formatting.
  • Minor pre-commit guidance/doc updates.

• Tests

  • Expanded event-handler tests to validate queue behavior, deduplication, and owner handling.

• API

  • Marked selector list as atomic in the CRD schema.

[clcollins]

/label tide/merge-method-squash

🤖 Claude claude@anthropic.com commenting on behalf of @clcollins

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

Walkthrough

Modernize event handlers to typed controller-runtime APIs, update tests and fake clients to client.Object and typed queues, remove loop-variable copies, deterministically sort finalizers, bump dependencies and CRD list-type, and add an operator validation script.

Changes

Operator modernization and validation

Layer / File(s)	Summary
Event handler type migration and cleanup controllers/pagerdutyintegration/event_handlers.go	Three event handler implementations convert to typed controller-runtime APIs (event.Typed*Event[client.Object], workqueue.TypedRateLimitingInterface[reconcile.Request]); internal map-and-enqueue helpers accept typed queues; removed per-iteration loop-variable aliasing.
Event handler tests and queue-method validation controllers/pagerdutyintegration/event_handlers_test.go	Test fixtures switch from []runtime.Object to []client.Object; fake client builders now use WithObjects(...); added newTestScheme() and new typed-queue tests asserting enqueue counts, names, and deduplication.
Controller loop variable cleanup & tests controllers/pagerdutyintegration/pagerdutyintegration_controller.go, controllers/pagerdutyintegration/pagerdutyintegration_controller_test.go	Removed unnecessary per-iteration local copies when taking addresses in reconciliation loops; controller tests updated to use []client.Object and WithObjects(...).
CRD schema and dependency updates deploy/crds/pagerduty.openshift.io_pagerdutyintegrations.yaml, deploy_pko/CustomResourceDefinition-pagerdutyintegrations.pagerduty.openshift.io.yaml, go.mod	Added x-kubernetes-list-type: atomic to spec.clusterDeploymentSelector.matchExpressions; regenerated CRD YAML formatting; bumped Kubernetes direct dependencies and refreshed many indirect modules.
Finalizer deterministic ordering & minor tests pkg/utils/utils.go, pkg/pagerduty/service_test.go	Finalizer helpers now build a set and write a sorted finalizer list (slices.Sort) to ensure deterministic ordering; a minor test line-span adjustment in TestParseIncidentNumbers.
Operator validation script & pre-commit comments scripts/validate-event-handlers.sh, .pre-commit-config.yaml	New Bash script performs seven operator/cluster checks (logs, watches, reconcile durations, panics, PD API heartbeat, image tag) with JSON/human output; pre-commit INSTALL and blame-ignore comments updated.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

---

Important

Pre-merge checks failed

Please resolve all errors before merging. Addressing warnings is optional.

❌ Failed checks (1 error, 1 warning)

Check name	Status	Explanation	Resolution
No-Sensitive-Data-In-Logs	❌ Error	The validation script logs internal infrastructure data: CLUSTER (Kubernetes API URL) via verbose() and POD_IMAGE (container registry URL) in log_success(), which may expose internal hostnames.	Remove or redact logging of CLUSTER and POD_IMAGE variables, or only output sanitized info (e.g., image tag without registry, cluster name without URL).
Docstring Coverage	⚠️ Warning	Docstring coverage is 13.04% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (13 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main objective: upgrading Kubernetes and controller-runtime dependencies to specific versions for OpenShift 4.21 alignment, which is the primary change reflected across go.mod and the codebase.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Stable And Deterministic Test Names	✅ Passed	All test names use static, descriptive strings with no dynamic values. Repository uses standard Go testing, not Ginkgo. No fmt.Sprintf, string concat, UUIDs, pod names, or timestamps in test titles.
Test Structure And Quality	✅ Passed	This repository uses standard Go testing, not Ginkgo. The custom check requirement does not apply to this codebase.
Microshift Test Compatibility	✅ Passed	No Ginkgo e2e tests are added in this PR. The custom check only applies when new Ginkgo tests (It(), Describe(), etc.) are introduced; all test additions here are standard Go unit tests.
Single Node Openshift (Sno) Test Compatibility	✅ Passed	No new Ginkgo e2e tests found. Changes are unit test updates using standard Go testing package and dependency upgrades. Check is not applicable.
Topology-Aware Scheduling Compatibility	✅ Passed	PR introduces no scheduling constraints. Operator deployment remains single-replica with no affinity/nodeSelector constraints, compatible with all topologies.
Ote Binary Stdout Contract	✅ Passed	OTE stdout contract does not apply; this is a controller-runtime operator (not OTE test binary) with proper stderr-directed zap logging.
Ipv6 And Disconnected Network Test Compatibility	✅ Passed	PR does not add any Ginkgo e2e tests; all test changes are standard Go unit tests using (*testing.T). Custom check is not applicable.
No-Weak-Crypto	✅ Passed	No weak cryptographic algorithms (MD5, SHA1, DES, RC4, 3DES, Blowfish, ECB), custom crypto implementations, or non-constant-time secret comparisons detected in the PR.
Container-Privileges	✅ Passed	No privileged: true, hostPID/Network/IPC, SYS_ADMIN, or root-running containers found in Kubernetes manifests, Dockerfiles, or deployment configs.

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

scripts/validate-event-handlers.sh (1)

85-87: ⚡ Quick win

Avoid unconditional stderr suppression in elevated_oc.

Dropping all stderr makes auth/permission/API failures look like empty results and obscures root cause. Consider suppressing stderr only in non-verbose mode.

Proposed refactor

 elevated_oc() {
-    ocm backplane elevate "${TICKET}" -- "${@}" 2>/dev/null
+    if [[ "${VERBOSE}" == "true" ]]; then
+        ocm backplane elevate "${TICKET}" -- "${@}"
+    else
+        ocm backplane elevate "${TICKET}" -- "${@}" 2>/dev/null
+    fi
 }

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@scripts/validate-event-handlers.sh` around lines 85 - 87, The elevated_oc
function currently unconditionally discards stderr which hides
auth/permission/API errors; change elevated_oc (the function calling ocm
backplane elevate "${TICKET}" -- "${@}") to only redirect stderr to /dev/null
when a non-verbose mode is active (e.g., check a VERBOSE or QUIET flag) and
otherwise let stderr pass through (or capture and log it); implement the
conditional around the redirection so verbose runs show ocm error output while
quiet runs suppress it.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@scripts/validate-event-handlers.sh`:
- Around line 80-83: The show_help function currently always exits 0 and option
handlers reference ${2} without checking it; change show_help() to return a
non-zero status for usage/errors (e.g., exit 2) and ensure it can
accept/propagate an explicit exit code for success vs error; for option parsing
(the -n/-t branches that use ${2}) guard access with a safe test like if [ -z
"${2:-}" ]; then echo "Missing argument for -n/-t" >&2; show_help 2; fi (or use
${2:-} in tests) before using the value, and mirror these fixes in the other
similar handler blocks referenced (the other option-check sections noted in the
comment) so missing arguments produce a clear error and non-zero exit rather
than aborting under set -u.

---

Nitpick comments:
In `@scripts/validate-event-handlers.sh`:
- Around line 85-87: The elevated_oc function currently unconditionally discards
stderr which hides auth/permission/API errors; change elevated_oc (the function
calling ocm backplane elevate "${TICKET}" -- "${@}") to only redirect stderr to
/dev/null when a non-verbose mode is active (e.g., check a VERBOSE or QUIET
flag) and otherwise let stderr pass through (or capture and log it); implement
the conditional around the redirection so verbose runs show ocm error output
while quiet runs suppress it.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: c79f929f-9771-4bd6-bb66-b38fa13bc128

📥 Commits

Reviewing files that changed from the base of the PR and between 39764a8 and 1ad31e0.

⛔ Files ignored due to path filters (7)

• boilerplate/_data/last-boilerplate-commit is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/dependabot.yml is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/ensure.sh is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/olm_pko_migration.py is excluded by !boilerplate/**
• build/Dockerfile is excluded by !build/**
• build/Dockerfile.olm-registry is excluded by !build/**
• go.sum is excluded by !**/*.sum

📒 Files selected for processing (9)

• controllers/pagerdutyintegration/event_handlers.go
• controllers/pagerdutyintegration/event_handlers_test.go
• controllers/pagerdutyintegration/pagerdutyintegration_controller.go
• controllers/pagerdutyintegration/pagerdutyintegration_controller_test.go
• deploy/crds/pagerduty.openshift.io_pagerdutyintegrations.yaml
• go.mod
• pkg/pagerduty/service_test.go
• pkg/utils/utils.go
• scripts/validate-event-handlers.sh

💤 Files with no reviewable changes (2)

• pkg/pagerduty/service_test.go
• controllers/pagerdutyintegration/pagerdutyintegration_controller.go

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@scripts/validate-event-handlers.sh`:
- Line 176: The grep assignments (e.g., WATCH_COUNT=$(echo "${LOGS}" | grep
--count "Starting EventSource" 2>/dev/null || echo "0")) append an extra token
("0") when grep returns non-zero, producing malformed counters like "0 0";
replace them to rely on grep -c output (which prints 0 on no matches) by
removing the "|| echo \"0\"" fallback and using e.g. WATCH_COUNT=$(echo
"${LOGS}" | grep -c "Starting EventSource" 2>/dev/null) (apply the same change
to the other similar variables/assignments at the other locations).

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 1d76ce94-23c3-4aa4-b66c-aba61613c50e

📥 Commits

Reviewing files that changed from the base of the PR and between 1ad31e0 and 972fa0f.

⛔ Files ignored due to path filters (7)

• boilerplate/_data/last-boilerplate-commit is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/dependabot.yml is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/ensure.sh is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/olm_pko_migration.py is excluded by !boilerplate/**
• build/Dockerfile is excluded by !build/**
• build/Dockerfile.olm-registry is excluded by !build/**
• go.sum is excluded by !**/*.sum

📒 Files selected for processing (9)

• controllers/pagerdutyintegration/event_handlers.go
• controllers/pagerdutyintegration/event_handlers_test.go
• controllers/pagerdutyintegration/pagerdutyintegration_controller.go
• controllers/pagerdutyintegration/pagerdutyintegration_controller_test.go
• deploy/crds/pagerduty.openshift.io_pagerdutyintegrations.yaml
• go.mod
• pkg/pagerduty/service_test.go
• pkg/utils/utils.go
• scripts/validate-event-handlers.sh

💤 Files with no reviewable changes (2)

• pkg/pagerduty/service_test.go
• controllers/pagerdutyintegration/pagerdutyintegration_controller.go

🚧 Files skipped from review as they are similar to previous changes (6)

• pkg/utils/utils.go
• deploy/crds/pagerduty.openshift.io_pagerdutyintegrations.yaml
• controllers/pagerdutyintegration/event_handlers.go
• controllers/pagerdutyintegration/pagerdutyintegration_controller_test.go
• go.mod
• controllers/pagerdutyintegration/event_handlers_test.go

[codecov-commenter]

Codecov Report

❌ Patch coverage is 79.16667% with 5 lines in your changes missing coverage. Please review.
✅ Project coverage is 63.04%. Comparing base (12b4c06) to head (b501576).
⚠️ Report is 7 commits behind head on master.

Files with missing lines	Patch %	Lines
controllers/pagerdutyintegration/event_handlers.go	66.66%	5 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##           master     #434      +/-   ##
==========================================
+ Coverage   61.07%   63.04%   +1.96%     
==========================================
  Files          22       22              
  Lines        1824     1821       -3     
==========================================
+ Hits         1114     1148      +34     
+ Misses        567      530      -37     
  Partials      143      143              

Files with missing lines	Coverage Δ
...dutyintegration/pagerdutyintegration_controller.go	49.37% <ø> (-0.32%)	⬇️
pkg/utils/utils.go	79.45% <100.00%> (+0.88%)	⬆️
controllers/pagerdutyintegration/event_handlers.go	74.62% <66.66%> (+25.72%)	⬆️

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[clcollins]

/retest ci/prow/lint

Lint failure was a timeout (0 issues found, Timeout exceeded), not a code problem. Retesting.

Also addressed both CodeRabbit findings in the validation script:

• show_help() now exits non-zero on error paths
• Guards for missing option arguments
• Fixed grep --count || echo "0" double-output pattern

🤖 Claude claude@anthropic.com commenting on behalf of @clcollins

[clcollins]

/retest ci/prow/lint

Lint pod was terminated before golangci-lint ran — CI infrastructure issue, not a code problem.

🤖 Claude claude@anthropic.com commenting on behalf of @clcollins

[clcollins]

/retest

[clcollins]

/retest ci/prow/lint

Third OOM/infrastructure failure on lint — no code issues. Retesting.

🤖 Claude claude@anthropic.com commenting on behalf of @clcollins

[nephomaniac]

/lgtm

[clcollins]

/retest

🤖 Claude claude@anthropic.com commenting on behalf of @clcollins

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@scripts/validate-event-handlers.sh`:
- Around line 141-149: Add explicit prerequisite checks at the start of main()
in scripts/validate-event-handlers.sh to fail fast if required CLIs are missing:
use command -v to test for oc and ocm (and any wrapper like elevated_oc if it's
an external dependency) before the first oc whoami call, and call log_fail with
a clear message and unique error code (e.g., "oc_missing" / "ocm_missing") if
either is absent; this prevents misleading downstream errors (references:
main(), elevated_oc wrapper and the oc whoami check).
- Around line 157-159: The current POD_NAME assignment uses .items[0] which can
target non-running/terminating replicas; change the elevated_oc get pods call
that sets POD_NAME to filter for a Running and Ready operator pod and select
deterministically (e.g., use --field-selector=status.phase=Running and filter
containerStatuses[*].ready=true or use --sort-by=.metadata.creationTimestamp
with a subsequent deterministic selection) so POD_NAME always points to a live
operator pod; update the POD_NAME variable assignment (the line that calls
elevated_oc get pods -n "${NAMESPACE}" -l name=pagerduty-operator ...) to
include these filters/ordering and fall back safely (empty string) if no
suitable pod is found, since POD_NAME is used for log, restart-count, and image
checks.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Repository YAML (base), Central YAML (inherited)

Review profile: CHILL

Plan: Enterprise

Run ID: 07e395e7-104c-483b-82e8-84f5495d4415

📥 Commits

Reviewing files that changed from the base of the PR and between 864c142 and c0c74d1.

⛔ Files ignored due to path filters (8)

• boilerplate/_data/last-boilerplate-commit is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/docs/pre-commit.md is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/olm_pko_migration.py is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/pre-commit-config.yaml is excluded by !boilerplate/**
• boilerplate/openshift/golang-osd-operator/standard.mk is excluded by !boilerplate/**
• build/Dockerfile is excluded by !build/**
• build/Dockerfile.olm-registry is excluded by !build/**
• go.sum is excluded by !**/*.sum

📒 Files selected for processing (11)

• .pre-commit-config.yaml
• controllers/pagerdutyintegration/event_handlers.go
• controllers/pagerdutyintegration/event_handlers_test.go
• controllers/pagerdutyintegration/pagerdutyintegration_controller.go
• controllers/pagerdutyintegration/pagerdutyintegration_controller_test.go
• deploy/crds/pagerduty.openshift.io_pagerdutyintegrations.yaml
• deploy_pko/CustomResourceDefinition-pagerdutyintegrations.pagerduty.openshift.io.yaml
• go.mod
• pkg/pagerduty/service_test.go
• pkg/utils/utils.go
• scripts/validate-event-handlers.sh

💤 Files with no reviewable changes (2)

• pkg/pagerduty/service_test.go
• controllers/pagerdutyintegration/pagerdutyintegration_controller.go

✅ Files skipped from review due to trivial changes (2)

• .pre-commit-config.yaml
• deploy_pko/CustomResourceDefinition-pagerdutyintegrations.pagerduty.openshift.io.yaml

🚧 Files skipped from review as they are similar to previous changes (6)

• deploy/crds/pagerduty.openshift.io_pagerdutyintegrations.yaml
• controllers/pagerdutyintegration/pagerdutyintegration_controller_test.go
• pkg/utils/utils.go
• controllers/pagerdutyintegration/event_handlers.go
• controllers/pagerdutyintegration/event_handlers_test.go
• go.mod

[clcollins]

/retest ci/prow/validate

🤖 Claude claude@anthropic.com commenting on behalf of @clcollins

[clcollins]

/retest pull-ci-openshift-pagerduty-operator-master-validate

🤖 Claude claude@anthropic.com commenting on behalf of @clcollins

[clcollins]

/retest

🤖 Claude claude@anthropic.com commenting on behalf of @clcollins

[openshift-ci]

@clcollins: all tests passed!

Full PR test history. Your PR dashboard.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[nephomaniac]

/lgtm

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: clcollins, nephomaniac

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details

Needs approval from an approver in each of these files:

• OWNERS [clcollins,nephomaniac]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment